Secure VSAT to prevent cyber attacks

Satellite communications can be the entry point for malicious cyber threats that shipping companies need to close. As ships become further automated and onboard systems more connected to the internet, owners, operators and managers must ensure they have adequate protection and the ability to recover rapidly from a cyber attack.

Owners also need to incorporate cyber security into their safety management systems by 1 January 2021 to remain compliant with IMO’s amendments to the International Safety Management (ISM) Code.

In addition, there are requirements from the US Coast Guard for vessel owners and operators to ensure they have risk-assessed their networks and computers against cyber threats. Organisations such as BIMCO and classification societies have published guidance on how to protect ships from cyber attacks and comply with the revised ISM Code.

According to DNV GL head of section Georg Smefjell, owners need to identify vulnerable systems on their ships, then improve their protection ensuring they have methods of detecting and responding tosecurity breaches and measures to restore systems.

Some of the most vulnerable systems on a vessel are its satellite communications equipment, IT networks and systems controlling crew welfare services, operational data flow and passenger-facing public networks.

DNV GL cyber security team leader Svante Einarsson says owners should conduct “risk assessments looking at the likelihood and consequences of system compromises”. By generating a risk matrix,they can “calculate measures to mitigate risk or reduce risk levels with protection barriers”.

Although it is difficult to predict a cyber attack, ship operators need to “test how easy it is to compromise systems, remembering more connectivity means systems are easier to compromise” says Mr Einarsson. The consequences of a successful attack can then be reviewed, looking at “availability of systems, integrity and confidentiality.”

Penetration testing will help owners to identify vulnerabilities. Segregating crew welfare networks from the operational communications and IT on ships mitigates the risk to onboard systems.

VSAT hardware can be vulnerable if software is not updated and passwords regularly changed. Recent penetration testing demonstrated the ease of breaching modems and antenna controls.

Ethical hackers discovered some modems only support insecure protocols for their management and applicationor were vulnerable to reflected cross-site scripting on the web interface. This meant hackers could add their own code to the modem, send links and execute codes, create fake passwords and capture cookies.

Some modems only support insecure protocols such as hyper test transfer protocol (HTTP) and Telnet. These clear-text protocolsallow a hacker to identify credentials or other sensitive information.

Vendors have responded to these issues by using secure protocols with encryptionfor web traffic to prevent any attacks or hackers snooping on sessions. Satellite communications terminals are critical onboard equipment that must be kept updated and secureusing the latest software and firewalls.

Onboard cyber security should remain tight and staff trained in maintaining integrity and swiftly responding to any compromises.

BIMCO recommends operators change administration passwords away from the default as hackers can find these on the dark web and access theterminal administration interface.

Protecting this interface will prevent hackers from accessing critical networks on the ship, tamper with the software and introduce security flaws.Administration passwords should be regularly changedwithno written reminders left beside terminals.

Firewalls must be enabled on VSAT systemsas the first line of defence against cyber threats. If the vessel’s connections to mobile networks is separated from the satellite terminal, a standalone firewall can protect the business network.

Vulnerable email

Once satellite communications hardware is cyber secure and firewalls in place, another line of defence is the crew. Train seafarers to identify malicious or phishing email.

In February, Dryad Global and Red Sky Alliance published a report identifying new phishing emails attempting to entice shipping company employees to accidently start Trojan malware. There was an increase in malicious emails attempting to deliver this malware, including ransomware andcryptocurrency miners.

There is also an increased threat of malicious emails and unsolicited messages because the coronavirus pandemic forces staff to work remotely on less secure networks. GTMaritime operations directorJamie Jones warns shipping companies to expect more scammers and phishing attempts.

“Shipping companies are reconfiguring their shore-based operations in response to the spread of coronavirus, but employees can expect to receive unsolicited messages geared to exploit their personal anxieties about the epidemic,” Mr Jones says.

Scammers created websites selling bogus products,using fake emails, texts and social media posts to seek out personal information or financial reward. Under cover of promoting awareness, offering prevention tips or providing fake information about cases local to the recipient, fraudsters can request donations or deliver malicious email attachments to spread malware or steal log-in credentials.

“IT professionalsmust monitor and contend with emerging risks across multiple territories,” says Mr Jones. “Companies should ensure their IT infrastructure is robust.”

Crew and shore-based employees should disregard unsolicited emails claiming to be from official health agencies with new information about Covid-19, ignore online offers for vaccinations, treatments or cures and be extremely wary of attachments. They should not click on links from unknown sourcesorreveal personal or sensitive operational details in emails.

Our Tankers and Terminals: Gas Carriers Webinar Week takes place week beginning Tuesday 16 June and focuses on gas carrier tankers and terminals. Each 45 minute webinar covers a different facet of tanker and terminal operations and will take in technical, commercial, operational and regulatory aspects. The agendas are packed with the latest industry data, expert analysis of key trends, fresh case studies, and the critical business information required for strategic decision making.

Our Maritime Leaders Webinar Week unites leaders from a particular segment in an open discussion on what’s required to survive and thrive in the year ahead. Each 45 minute webinar will cover technical, regulatory, operational and commercial considerations with the maritime professionals you want to hear from.

Our Marine Fuels Webinar Week gives operators insights into the available and emerging marine fuels and which make most sense for their operational profiles. Each 45-minute webinar explores a different marine fuel from technical, regulatory, operational and commercial perspectives with the experts you want to hear from.